Do you often take part in giveaways while online shopping? You know that usually, stores offer free services and some discounts on their selective products in the name of giveaways. But the recently launched dark web market for carding site BidenCash on the Hidden Wiki announced a huge giveaway of 1.9 million stolen cards. In these cards, you will get the data leaks for free to gain the title of the top carding shop among threat actors.
The Unique Dark Web Market on Hidden Wiki
Businesses usually provide discounts and promotional codes when celebrating their big event. BidenCash has offered its unique version of the blastic giveaway in the form of stolen personal financial details. They provide cardholder’s full names, credit card numbers, and bank information. For any seasoned hacker, this vulnerable information is a treasure when it comes to facilitating digital transactions.
The term carding is used to express the kind of credit card fraud where a stolen credit card is used to charge prepaid cards. By buying a prepaid gift card, fraudulent can cover their tracks, engage in money laundering, and use personal information in abusive ways.
There are two segments of the carding marketplace: they sell data in a text format. It includes the cardholder’s name, card number, and the card’s expiration date. The second method is in the form of card dumps, which are details that have been derived from the card’s magnetic stripe.
As a successive player in the cybercrime economy, BidenCash empowers bad actors to use these stolen credit cards to cover their illegal activities. There are two methods to steal this sensitive piece of information: data-stealing malware and point-of-sale devices.
Furthermore, this data contains credit card information from all over the world. The US card holders are on the radar and usually most affected by these cyber attacks. Moreover, China, Mexico, India, and UK credit card details are also sold on the dark web.
What Type of Information does this Marketplace Sale
Cybercriminals will use this type of rich information grab to target innocent people with additional attacks. The stolen data in underground online forums and the dark web market is known as fullz; you will find it on Hidden Wiki. On those platforms, cybercriminals purchase and sell stolen personal details. Fullz refers to the set of complete and fundamental information belonging to unsuspecting victims. Cybercriminals commonly use this set of complete information for fraudulent activities, like identity theft, credit card fraud, and other financial scams. The set of information known as Fullz includes:
- Full name of a person
- Date of birth
- Social security number
- Complete address
- Phone number
- Email address
- Bank account details
- Credit card information
- Other personally identifiable details
With the help of this precious information, cybercriminals can open fraudulent accounts under victim names and make unauthorized transactions.
The Hidden Wiki Goes Ballistic with a Huge Giveaway on the Dark Web Market
The BidenCash stolen credit card marketplace has announced the giveaway of 1.9 million for free to promote their store to cybercriminals. The latest giveaway from bidenCash includes credit and debit card credentials in plain text. But unlike the site’s old leaks, it does not include the names and emails of cardholders. BidenCash, the well-known dark web carding marketplace, has leaked over 1.9 million valid payment card details, including debit and credit card data, on a notorious Russian language cybercrime and hacking forum. In June 2023, the same forum offered the sale of military satellite access for $15,000.
The overall figure for leaked card details is 1.9 million. Upon deduplication, the accurate figure is reduced to 1.6 million cards. It was worth highlighting that on March 2023, BidenCash giveaway 2 million card details as part of its first-anniversary celebration. The leak consists of the full names of cardholders, bank details, card number and their expiration dates, CVV numbers, home addresses, and more than 500,000 email addresses.
Cyble, the cybersecurity researchers confirmed that the files contained over 2,165,700 bank cards, especially it contained 740,857 credit cards, 811,676 debit cards, and 293 charge cards. The largest piece, 965,846, belongs to United States card owners, here we mentioned the country name and number of victims.
| Country Name | Number of Cards |
| United States | 965,846 |
| Mexico | 97,665 |
| China | 97,003 |
| United Kingdom | 86,313 |
| Canada | 36,906 |
| India | 36,672 |
| Italy | 23,009 |
| South Africa | 22,798 |
| Australia | 21,361 |
| Brazil | 19,700 |
On the other hand, this time, the leak doesn’t include the names or email addresses of the card owners. Instead, the leaked details include the full payment card number, expiry date, and CVV numbers in a plain text format. However, the expiration date of most cards ranges between 2025 to 2029, but few cards expire in 2023.
The latest leak is the fourth credit card dump the carding shop has released for free since October 2022. With the previous leaks, the number of cards was 1.22 million, 2 million, and 230,000 stolen cards. It contains a total of over 5 million stolen cards leaked for free.
History of BidenCash
bidenCash is known as a hub for stolen credit and debit card data. It is operating on both the dark web and the clear net.BidenCash marketplace that you will find on Hidden Wiki. It was established in April 2022, following the seizure of other card markets and carding platforms by the Russian authorities. Since its existence, it has been grabbing the attention of both new and experienced cybercriminal customers.
After it was re-established in June 2022, BidenCash started a promotional campaign that consisted of sharing a dump of 8 million lines of stolen data for sale, including thousands of stolen credit cards. Since then, it has continued its work by utilizing the dumping method. It involves daily listings of stolen credit card data on the site and frequently dumping heavy amounts of stolen credit card information at the same time. It sells these credit card details for just as little as $0.15.
The Bidencash administrators use multiple web skimmers and info-stealer malware to collect both regular and dump-related listings. Only after one week, the website announced another promotional campaign to celebrate its first anniversary. This celebration time, the site dumped over 2 million stolen card data, and this time, it was free of cost.
Promotional Giveaways are not New in the Carding Sites
On the dark web marketplace, BidenCash is not the one who offers ballistic giveaways. The old criminal carding marketplace of the dark web that you will find on the hidden Wiki is known as AllWorld Cards. It posted on numerous hacking forums where they provided one million leaked credit cards for free. According to the reports, these credit cards were stolen between 2018 and 2019.
The threat actor addressed that a random sampling of 98 cards showed a minimum of 27% of the cards were still active. However, the report of D3Labs (an Italian security firm) shows that 50% of cards are still valid.
Cybersecurity firm Cyble also analyzed this credit card dump and states that the leak includes the full name of the cardholder, card numbers, expiration dates, CVV numbers, countries, states, cities, addresses, zip codes, email, and phone numbers for every credit card.
The Allworld cards site launched in May 2021 and has a huge listing of 2,634,615 credit cards. The country with the most cards is the U.S., with 1,167,616 cards for sale. Cards details range between $0.30 to $14.40, with 73% of the credit cards costing between $3 to $5. This site owner aims to be a big player and with this one million free dump. They will likely grab many other threat actors’ attraction to their card shop.
While Cybele has only analyzed 400,000 cards, the top five associated credit cards are as follows:
| Bank Name | Number of Cards |
| State Bank of India | 44,654 |
| JPMorgan Chase Bank N.Y | 27,440 |
| BBVA Bancomer S.A | 21,624 |
| The Toronto Dominion Bank | 14,647 |
| Poste Italiane S.P.A (Banco Posta) | 14,066 |
BidenCash vs. The Dark Web Competition
On February 15, 2021, when Joker’s Stash officially closed, various card marketplaces of the dark web will also be found in hidden Wiki attempting to earn the title of top card marketplace. Telegram-based card shops are increasingly conquering market share from more traditional web-based card shops. Currently, BidenCash is a mid-to-top-tier card marketplace in terms of volume and popularity among threat actors.
This shop has managed to regularly increase the volume of cards sold through its platform throughout 2022. They offered giveaways of free credit cards, which is the real reason behind its huge popularity among bad actors.
BidenCash was established on April 27, 2022, shortly after Russian authorities took action against several illegal card shops. That includes Forum, Trump Dumps, and UniCC, along the Sky-Fraud, which is the carding forum and remote desktop Protocol access shop UAS. These cybercrimes-related takedowns represent one of the last crack-downs of Russian authorities in the cybercrime world before its military 2022 invasion of Ukraine. It represents significant movements in the market of credit card shops as new and emergent card shops in the illegal landscape.
How Threat Actors Obtain Data and Utilize It
Card-not-Present
Card fraud commonly falls into two categories: card-not-present and card-present. Card-not-present fraud relies on breached financial data that is being sold and circulated on the dark web marketplace that you will find on the hidden Wiki, illegal forums, and chat services. Card-not-present fraud allows bad actors to be in control of a large number of compromised cards and credentials to fund unauthorized purchases. Furthermore, they can resell the stolen data to other carders. Who then leverage the exposed information most frequently through card cloning or online shopping account linking.
This information is generally leaked when a threat actor obtains data that is accidentally leaked. Doing with a code repository and misconfigured network device, financial details, and other personally identifiable information (PII) on unsecured websites and bank login information. However, they implement targeted skimming and shimming attacks against ATMs and POC systems. It is usually at gas stations where credit and debit card payments are accepted.
Card Present
Card-present fraud requires the bad actor to present a fake or stolen card to the merchants physically. This method has an obvious hazard that card-not-present fraudsters are not at risk of getting caught or the card being declined. This step is much more difficult for the bad actor selling card details or using them to make off with fraudulently buying goods and services. Card-present fraud has been typically overshadowed by card-not-present activity. However, it is still a present risk to retailers and financial institutions.
Malware
Some kinds of malware are specially made for data exportation or logging. These include remote access Trojans (RATs), which allow an attacker to make a remote connection to exfiltrate data and theif. These are (RATs) that can steal sign-in credentials, cookies, payment card numbers, and other browser-stored information.
Ransomware
Extortionist ransomware attacks blackmail the victim organization with the sale of private and sensitive details to get them to pay for the liberation. Ransomware gangs understand that retailers store sensitive customer data, including financial data. These could be precious both in negotiations and in the resale of the information on the dark web market on the hidden Wiki.
Credential Stuffing
Credential stuffing attacks, which include brute force attacks, refer to multiple techniques. It relies on testing a huge number of username and password combinations against sign-in infrastructure. Threat actors who carry out these kinds of attacks mostly do so to gain unauthorized access to poorly secured banks, e-commerce, or other type of accounts. They usually test the validity of compromised data before selling them on the dark web.
How to Protect Yourself from Cyber Attack
Cardholders should keep an eye on charges made to their accounts and immediately report any suspicious activity to their bank. Adding an extra layer of protection, such as validating certain purchases and setting up charging limits where possible. These were excellent ways to prevent cybercriminals from using stolen payment cards. Some banks also offer virtual cards that users can recall easily or one-time cards that are deleted automatically after making one purchase.
Final Words
In the dark web market on the hidden Wiki, BidenCash has emerged as a top-tier carding site on the darknet. This shop offers a wide range of stolen credit and debit card information for just as little as $0.15. However, to gain popularity and earn the title of top carding site, the marketplace announced huge giveaways periodically.